From 9d6140b4c37f39cdd0c1947adf07dc5ca1762055 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 26 Mar 2019 10:12:09 +0100 Subject: [PATCH 1/2] Fix harmless one byte buffer underflow on read When settings file has comments spanning a whole line there is harmless one byte read before the line buffer. Thanks Emiel Bruijntjes for finding the issue. --- src/settings.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/settings.c b/src/settings.c index 4f11537..922a55d 100644 --- a/src/settings.c +++ b/src/settings.c @@ -134,7 +134,8 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror int eq; len = strlen(linebuf); - if (linebuf[len - 1] != '\n' && !feof(f)) { + /* len cannot be 0 unless there is a bug in fgets */ + if (len && linebuf[len - 1] != '\n' && !feof(f)) { (void) fclose(f); return PWQ_ERROR_CFGFILE_MALFORMED; } @@ -146,13 +147,13 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror } /* drop terminating whitespace including the \n */ - do { + while (ptr > linebuf) { if (!isspace(*(ptr-1))) { *ptr = '\0'; break; } --ptr; - } while (ptr > linebuf); + } /* skip initial whitespace */ for (ptr = linebuf; isspace(*ptr); ptr++); -- 1.8.3.1